I know a few people here are running with MoCA adapters to provide Ethernet to their TiVo units. I'm hoping somebody can answer this for me.

How secure is a home network with MoCA? Obviously, the devices are connected to the coax in the home, which in turn runs out to the street and is connected to the nearest "hub" in the neighborhood. Is there some type of filter that you put on the inbound coax line to prevent the MoCA signals from leaving your house? Alternately, is there some security setup to be done on the MoCA devices themselves to encrypt data so only local devices can see each other?

If you have FiOS, you can't turn the password on if you want to stay connected to their network. However, you don't have to worry about security since the cable is isolated from other homes.

If you don't have FiOS, you can just enable a password on each device. It's not likely that the signal is going to go all the way from one house to the next, but it really depends on the cable network. So if you're paranoid, turn it on.

I never understood how a person could see another person's "computer", without sniffing packets, even if you both connect to the same node.

I imagine that the node would have to allow broadcasting of all upstream traffic, on the cable, before it converts the RF to light. Is this a reasonable guess?

Sniffing packets is not especially difficult, so I see no need for that qualifier. But also, a lot of stuff, like Windows file sharing and even TiVo MRV/TTG, uses broadcast packets to find other systems. This shouldn't be a problem as long as you're behind a NAT, but it's possible (and used to be common) to hook up a PC directly to a cable modem. In such a case, you could open up "Network Neighborhood" and literally see your neighbors' systems.

Ah... I didn't consider that people hooked their computer(s) directly to a cable modem without a firewall in between. I have never considered doing something like that.

Even when I first got symmetrical DSL (approximately 1999, from Covad and Northpoint), I used software firewall solutions (Black Ice / Zone Alarm). That was a long time ago, so my dates are approximate. It also doesn't help that my memory isn't as sharp as it once was.

I have Verizon FiOS, and I am upgrading my DVRs. I currently have 3 Verizon (Motorola) DVRs (with internal MoCA) that will be replaced by 3 TiVo HDs (one is XL) and 3 NIM 100's.

My question is around security. In my current setup:

Fiber enters the ONP attached to the garage

ONP is connected to my Verizon Actiontec home router with coax (internal MoCA)

ONP is also connected via coax to each of my three television set top boxes (internal MoCA)

Actiontec router has a NAT firewall

Actiontec router drives my internal wired and wireless home network

It seems to me that by definition... my wired/wireless home network is behind the NAT firewall... and that my television set top boxes (MoCA) are outside of the NAT firewall. Doesn't that create a security risk since I have equipment connected outside of my NAT firewall?

/Jim

The internal MoCA adapter in the actiontec router is on the internal side of the router.

Doesn't that create a security risk since I have equipment connected outside of my NAT firewall?

You're concerned about people hacking your set-top boxes? Seriously?

Anyway, no -- as far as the IP network is concerned, your STBs are also behind the firewall. IP traffic flows from the STB to the router, and from the router to the ONT (note: not "ONP"). Only QAM video goes directly from the ONT to the STBs. If you doubt it, disconnect the router, and you should see VOD stop working.

I am not worried about someone hacking my STB... I am worried about someone bypassing my NAT in the router. I also stand corrected on "ONT" (instead of "ONP").

The thing that is confusing to me, is that the WAN input to my Actiontec router is the coax cable. Also, this same coax cable is what connects the router to the STBs. So you are saying that somehow, this coax input to my router is simultaneously on the WAN and LAN side of the router.

My next question is in regard to the NIM 100 boxes. Can I connect other equipment (ex: a PC) to the RJ45 jacks in addition to the new Tivo units? If so... is there still no security concern? In practice, I am not really considering adding other devices at this time... but I am curious about their operation.

Even if the STBs were outside the NAT (which they aren't), that would not constitute a security risk. Only the STBs themselves would be vulnerable; there would be no path from them to the inside of the NAT.

There is no difficulty in the single jack serving as both LAN and WAN interfaces, nor does that constitute a security risk, either. And yes, you can hook up anything you want to the MoCA adapters.

Thanks. The answer is non-intuitive to me, but I realize that your answer must be correct. When I look at my IP address assignments... I can see that my STBs are indeed on the LAN side of my router.

Next question: When I disconnect my 3 Verizon (Motorola) STBs, and attach the 3 Tivos through the new NIM 100's... is there any setup necessary for the NIM 100's... or is it simply plug and play?

The thing that is confusing to me, is that the WAN input to my Actiontec router is the coax cable. Also, this same coax cable is what connects the router to the STBs. So you are saying that somehow, this coax input to my router is simultaneously on the WAN and LAN side of the router.

/Jim

Keep in mind that just because they're sharing a physical medium doesn't mean that they can communicate. So even though there is a physical link between them, the devices connected through the MoCA adapter can't communicate with the ONT. They need to communicate with your router, which can communicate with the ONT.

Yes... this was the confusing part. I guess we are programmed to believe that the WAN and the LAN would be on different physical media. Thanks again for both of your replies!

Many people have upgraded from other cable providers to FiOS. Many of the old cable providers had runs going to each TV set which all terminated at splitters located outside the house (mounted to the side of the house). In that case the FiOS coax is run from the ONT & router (as the router is just connected to a splitter inside the house which goes to the ONT and the outside splitter) to the outside splitter. If Verizon does not encrypt their MoCA then what stops someone from just attaching a MoCA network adapter to the splitter outside of the house and getting onto your network behind the NAT?????

Physical access will always give someone a huge edge in hacking a network.
However I'm not paranoid enough to even give a damn about someone physically connecting to my external FiOS MoCA connection, others may not share my views.

__________________"There is a distinct difference between having an open mind and having a hole in your head from which your brain leaks out."
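
Two points from the thread, checking address assignments to confirm the set-top boxes sit on the LAN side of the router and noticing an extra adapter attached at an outside splitter, can both be handled by comparing the neighbour table with a list of known devices. The following is an added example, not part of the original thread; the subnet, the MAC addresses, the device names and the sample `ip neigh` output are all constructed assumptions.

```python
import ipaddress
import re

# Assumed LAN subnet and device inventory (constructed values, not from the thread).
LAN_SUBNET = ipaddress.ip_network("192.168.1.0/24")
KNOWN_DEVICES = {
    "02:00:00:00:00:01": "router",
    "02:00:00:00:00:11": "set-top box 1",
    "02:00:00:00:00:12": "set-top box 2",
}

# Constructed sample in the format printed by `ip neigh` on Linux.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE
192.168.1.101 dev eth0 lladdr 02:00:00:00:00:11 STALE
192.168.1.102 dev eth0 lladdr 02:00:00:00:00:12 REACHABLE
192.168.1.150 dev eth0 lladdr 02:00:00:00:00:99 REACHABLE
192.168.1.200 dev eth0  FAILED
fe80::1 dev eth0 lladdr 02:00:00:00:00:01 router STALE
"""

NEIGH_RE = re.compile(r"^(\S+)\s+dev\s+\S+\s+lladdr\s+([0-9a-fA-F:]{17})\b")

def parse_neighbors(text):
    """Return (ip, mac) pairs for entries that resolved to a MAC address."""
    pairs = []
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            pairs.append((ipaddress.ip_address(m.group(1)), m.group(2).lower()))
    return pairs

def audit(text, subnet=LAN_SUBNET, known=KNOWN_DEVICES):
    """Split neighbours into known LAN-side hosts and unknown MACs to investigate."""
    on_lan, unknown = {}, {}
    for ip, mac in parse_neighbors(text):
        if mac in known:
            # A known device holding a LAN-subnet address is behind the router's NAT.
            if ip.version == 4 and ip in subnet:
                on_lan[known[mac]] = str(ip)
        else:
            unknown.setdefault(mac, []).append(str(ip))
    return on_lan, unknown

if __name__ == "__main__":
    on_lan, unknown = audit(SAMPLE_NEIGH)
    print("LAN side:", on_lan)
    print("Unknown, investigate:", unknown)
```

A device that only listens and never sends traffic will not appear in the neighbour table, so this check catches devices that join the network, not passive taps on the coax.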